Secuity Center

Summary

A security vulnerability has been identified on ASRock Group motherboards based on Intel 500, 600, 700, and 800 series platforms. Pre-boot memory protection is not properly activated, which may allow a physically present attacker with a DMA-capable PCIe device to access or modify system memory before the operating system’s security mechanisms are enabled.

Details & Impact

During the UEFI initialization stage, the platform’s IOMMU was not configured. As a result, a local attacker with physical access and a DMA-capable PCIe device could potentially read or modify system memory during the pre-boot phase, before the OS kernel and its security features are loaded. This condition may expose sensitive data and could allow pre-boot code injection.

Solution

Update the BIOS firmware to the latest version available for your motherboard, You can find your product through the Support Center or the Motherboards product page. After updating, please refer to ASRock QA “Pre-boot DMA Protection option” to ensure your product’s security.

Firmware updates for 600 / 700 / 800 series models have been released.
Updates for 500 series models are currently in progress, please contact ASRock_Security for further assistance.

Acknowledgements

Thanks to reporter Nick Peterson and Mohamed Al-Sharifi of Riot Games for reporting this issue and working with relevant coordination teams during disclosure.